WordPress 2.1.3 SQL Injection Vulnerability
6 days after the WordPress 2.2 release, Janek Vind discovered a SQL injection vulnerability in WordPress 2.1.3, which can be exploited to conduct SQL injection attacks.
In case you use Adsense, YPN or Chitika, you might be interested in AdsBlackList.com’s free service, which lists hundreds of worthless website URLs that you can filter so they do not appear on your website.
I reviewed the number of security vulnerabilities published for the major blogging platforms in the past year (May 2006 - May 2007). The numbers are high, especially for the open source products (WordPress, Drupal).
The two biggest online anti-phishing databases are PhishTank and the Anti-Phishing Working Group (APWG). However, I noticed some big differences between these two organizations.
Identity theft happens every day and apparently there are no security controls which can stop this menace. Ranging from a few hundred SSN disclosures to millions of credit card compromises (TJ MAXX is a “good reference” on this subject), identity theft continues to pose one of the biggest threats to the US Internet economy.
David Kierznowski of Operation n has discovered a serious flaw in the Akismet anti-spam plugin that comes by default with the latest version of WordPress (2.1.3).
OpenDNS has added an interesting new feature to their free DNS resolution service: domain blocking. It may seem like a poor man’s URL filtering solution.
N-Stalker is a great tool for everyday security tests. It’s packed with lots of features which will make your job easier. For instance, it can go beyond the login screen of an application thanks to its smart authentication procedure, which supports pre-recorded username/password pairs as well as digital certificates.
I bet you never knew that one reliable resource for dictionary-based password attacks is the US Census Bureau.
A security fuzzer is a tool designed to provide random data (fuzz testing) to an application’s parameters. In the context of web application testing, fuzzing means testing especially for buffer overflows, parameter format checks, various encodings and error handling.